I see that three days ago (from this message) someone tried to retrieve the password key. This generates an email to the email address on file, so if a user has forgotten their password, they can reset it.

This can happen by accident, say if someone types in a similar username and doesn't realize they've misspelled it, but as Timethief points out, it can also be malicious.